Exploiting Similarity Between Variants to Defeat Malware
Authors
Abstract
Many malicious programs are just previously-seen programs that have had some minor changes made to them. A slightly different variant hardly qualifies as a stealth attack: being 99% the same as a known piece of malware should be a dead giveaway. This white paper describes a method for searching a database of programs for a match. The methods are adapted from ordinary text search and analysis; the key to making them work is in selecting the right aspects of the programs to compare. The aspects compared are features called "n-perms", which are constructed from abstracted, disassembled code. Two studies show that these methods can be applied successfully to the problems of matching malware.
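The following Python example is added here and is not code from the paper. It illustrates the matching idea in the abstract: disassembly listings are abstracted to mnemonics, n-perm features are built from them, and a database of known programs is scored with cosine similarity exactly as a text-search engine would score documents. The page does not define n-perms, so the example assumes an n-perm is an n-gram of mnemonics whose internal order is ignored (each window is canonicalised by sorting). The listings, the database and the threshold are all constructed for illustration (none is real malware); the comparison against plain ordered n-grams shows why order-insensitive features survive instruction reordering and operand changes.

```python
import re
import math
from collections import Counter

# Constructed sample disassembly listings (not real malware): a "known" program,
# a variant with two instruction swaps, different operands and addresses, and
# an unrelated routine that should not match.
KNOWN = """
push ebp
mov ebp, esp
sub esp, 0x10
mov eax, [ebp+8]
xor ecx, ecx
cmp eax, 0
je 0x401020
mov [ebp-4], eax
call 0x401100
add esp, 0x10
pop ebp
ret
"""

VARIANT = """
push ebp
mov ebp, esp
sub esp, 0x20
xor edx, edx
mov eax, [ebp+8]
cmp eax, 0
je 0x402020
call 0x402100
mov [ebp-8], eax
add esp, 0x20
pop ebp
ret
"""

UNRELATED = """
push esi
mov esi, ecx
lea eax, [esi+4]
shl eax, 2
test eax, eax
jne 0x403010
inc esi
dec eax
pop esi
ret
"""


def abstract(listing):
    """Abstract a listing to its mnemonic sequence. Operands are dropped so that
    register renaming, stack offsets and call targets do not change the features."""
    seq = []
    for line in listing.strip().splitlines():
        line = line.strip()
        if line:
            seq.append(re.split(r"\s+", line, maxsplit=1)[0].lower())
    return seq


def ngrams(seq, n):
    """Ordered n-grams: the conventional, order-sensitive feature."""
    return Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))


def nperms(seq, n):
    """n-perms (assumption: an n-gram with order ignored). Sorting each window
    maps every permutation of the same n instructions onto one feature."""
    return Counter(tuple(sorted(seq[i:i + n])) for i in range(len(seq) - n + 1))


def cosine(a, b):
    """Cosine similarity of two feature-count vectors, as in text retrieval."""
    dot = sum(a[k] * b[k] for k in a if k in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def similarity(x, y, n=3, perm=True):
    features = nperms if perm else ngrams
    return cosine(features(abstract(x), n), features(abstract(y), n))


def best_match(query, database, n=3, threshold=0.7):
    """Search a database {name: listing} for the closest known program; return
    (None, score) when nothing clears the (constructed) similarity threshold."""
    scores = {name: similarity(query, listing, n) for name, listing in database.items()}
    name, score = max(scores.items(), key=lambda kv: kv[1])
    return (name, score) if score >= threshold else (None, score)


if __name__ == "__main__":
    db = {"known": KNOWN, "unrelated": UNRELATED}
    print("3-gram  known vs variant:", round(similarity(KNOWN, VARIANT, perm=False), 3))
    print("3-perm  known vs variant:", round(similarity(KNOWN, VARIANT, perm=True), 3))
    print("best match for variant:", best_match(VARIANT, db))
```

With the constructed listings, ordered 3-grams rate the variant at only 0.2 against the known program because every window that spans a swapped pair differs, while 3-perms rate it at about 0.73 and the unrelated routine at 0.0; the threshold that separates "match" from "new program" is something a deployment has to calibrate on its own corpus, which is what the paper's two studies do.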
Similar references
Replacement Attacks: Automatically Impeding Behavior-Based Malware Specifications
As the underground market of malware flourishes, there is an exponential increase in the number and diversity of malware. A crucial question in malware analysis research is how to define malware specifications or signatures that faithfully describe similar malicious intent and clearly stand out from other programs. It is evident that the classical syntactic signatures are insufficient to defeat...
Full text
A Static, Packer-Agnostic Filter to Detect Similar Malware Samples
The steadily increasing number of malware variants is a significant problem, clogging the input queues of automated analysis tools. The generation of malware variants is made easy by automatic packers and polymorphic engines, which produce by encryption and compression a multitude of distinct versions. A great deal of time and resources could be saved by prioritizing samples to analyze, either,...
Full text
Detecting Malware Variants by Byte Frequency
In order to make lots of new malware fast and cheaply, attackers can simply modify existing malware based on its binary files to produce new ones, malware variants. Malware variants refer to all the new malware manually or automatically produced from any existing malware. However, such a simple approach to producing malware can change signatures of the original malware so that the new malw...
Full text
A static, packer-agnostic filter to detect similar malware samples
The steadily increasing number of malware variants is becoming a significant problem, clogging the input queues of automated analysis tools and polluting malware repositories. The generation of malware variants is made easy by automatic packers and polymorphic engines, which can produce many distinct versions of a single executable using compression and encryption. Malware analysis tools and re...
Full text
Security considerations related to the use of mobile devices in the operation of critical infrastructures
An increasing number of attacks by mobile malware have begun to target critical infrastructure assets. Since malware attempts to defeat the security mechanisms provided by an operating system, it is of paramount importance to understand the strengths and weaknesses of the security frameworks of mobile device operating systems such as Android. Many recently discovered vulnerabilities suggest tha...
Full text